* Bastien ROUCARIES:
> Maybe crypto consolidation arround libnss will greatly help here.
> jessie release goal ?
NSS has lots of global state, and its proper initialization from
another library is difficult. Switching over to it is probably
doable, but it's not really straightforward. On the other hand, the
TLS implementation in NSS has been doing host name validation for a
long time, which is still problematic with some of the other
implementations.
NSS has its own problems with SUID/SGID binaries, but these could be
addressed by switching PR_GetEnv to secure_getenv.